If Detection Server advanced setting RequestProcessor.AddHeaderOnMessageTimeout is set to true, then every message sent is added with Message Timeout Header. Irrespective of Timeout.

This can cause downstream mail handling issues, such as reprocessing, encrypting, quarantine, or redirecting messages that would otherwise not have these actions taken. 

DLP 16.1

Downstream MTA that is reactive to the timeout header: X-Symantec-DLP: Message timed out (potential Enforce system event 1213)

Steps to Reproduce:

1. On the Detection Server Advanced Settings, set RequestProcessor.AddHeaderOnMessageTimeout=true
2. Setup SMTP on the Enforce
3. Try sending Email
4. When email is check on the client and looked for Source its added with Message Timed Out Header.

Before a message is delivered to the downstream MTA, the code checks to see if detection has been completed by checking an "is message examined" flag. If this flag is not true and AddHeaderOnMessageTimeout is true, then the message is sent to the downstream MTA with the timeout header added.
The new 16.1 detection services was erroneously not coded to setting this flag at the completion of detection.
This was resolved by adding setting this flag to true at the completion of detection. As before, if detection doesn't complete before message detection timeout or RPL timeout (which ever comes first), then this flag will still not be true and the expected timeout header is added as per design.

Apply the hotfix version 16.1.00102.60145 or later.

Available on the support portal:

• Symantec_DLP_16.1_MP1HF2_Platform_Lin-IN_16.1.00102.60145.zip
• Symantec_DLP_16.1_MP1HF2_Platform_Win-IN_16.1.00102.60145.zip